Method REPORT any errors returns status 501 (Not Implemented)
If on Webserver on mod Auth (mod_auth) and you try request with method REPORT but wit not authorization you get status 501 instead of 401 (Not Unauthorized)
curl 192.168.0.1 -X REPORT (Return 501 instead of 401)
if you want to request to a nonexistent url (file) you get status 501 instead of 404 (Not Found)
curl 192.168.0.1/nonexistent.html -X REPORT (Return 501 instead of 404)
Don't overwrite 401 (auth required) with 501 (unknown method) (fixes #2341)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2804 152afb58-edef-0310-8abb-c4023f1b3aa9
#2 Updated by sinoptik about 6 years ago
Why should it respond with something else than 501 if it does not understand the method?
The behavior is completely fine.
I think the first need check for a file or authorization and send different errors status instead of one, it will be more informative.
I want to move my project from apache (in apache return 404 abd 401) to lighttpd but this thing blocked me.
#3 Updated by icy about 6 years ago
Well I don't agree. The method specifies how the webserver handles the given request. Why should it check if a file exists and then decide how to handle it? It makes no sense. There can be methods that create content and don't request it, how would you handle this case?
So again, the current behavior is fine.
#4 Updated by stbuehler about 6 years ago
if a server doesn't understand a method, a 404 is definitely not appropriate (for example, 404 for PUT would be plain stupid).
But i guess mod_auth should probably trigger for all methods, as some module other than static file could handle it if mod_auth let it through.
If my understanding of the current status is correct, mod_auth does trigger a 401, but it gets overwritten in connections.c:453 with 501.
con->mode = p->id instead of DIRECT in mod_auth.c line 278 should fix it.
Also available in: Atom